

Rewterz Threat Advisory – ICS: Multiple Mitsubishi Electric MELSEC Series Vulnerabilities
March 15, 2024
Rewterz Threat Alert – New Phishing Campaign Propagates STRRAT and VCURMS Malware via GitHub and AWS – Active IOCs
March 15, 2024
Severity
High
Analysis Summary
The United Arab Emirates (UAE) has rapidly adopted IT (Information Technology) and OT (Operational Technology) to drive development, but this rapid adoption has drastically expanded its attack surface. It was recently discovered that around 155,000 remotely accessible assets were left exposed to a wide range of threat actors because of misconfiguration and insecure applications.
According to recently released findings in the “State of the UAE Cybersecurity Report 2024,” the vulnerable assets include open-file-sharing systems, network administrative interfaces, remote access points, and insecure network devices. While the percentage of attack surface occupied by exploitable public-facing applications has decreased, insider risks have increased proportionately.
The country’s cyberattack surface is expanding as more organizations use cloud computing, OT, AI, and machine learning in their daily operations. These advances give threat actors unusual opportunities to gain unauthorized access. The most common attack types are ransomware and DDoS.
Over the past two years, the vast majority of UAE-based companies have faced cyberattacks. Within the first nine months of 2023, the government blocked over 71 million cyberattacks. The majority of the security incidents handled by one cybersecurity firm’s security operations center involved misconfiguration, malware, email fraud, and phishing, with misconfiguration alone accounting for more than a quarter. Nearly 21% of the attacks came from insider threats, and about one-third, or 29%, appeared to be financially motivated.
UAE enterprises must establish robust cybersecurity plans to mitigate potential cyber threats, promoting vigilance and timely reporting of suspicious activity as part of an effective defense strategy.
Impact
- Financial Loss
- Exposure to Sensitive Data
- Unauthorized Access
- Operational Disruption
Remediation
- Ensure that general security policies are enforced, including strong passwords, correct configurations, and proper administrative security policies.
- Enable two-factor authentication.
- Enable antivirus and anti-malware software and update signature definitions promptly. Using multi-layered protection is necessary to secure vulnerable assets.
- Deploy advanced threat detection solutions that can identify and analyze suspicious activities, patterns, and behaviors across your network and endpoints. Utilize intrusion detection systems (IDS), intrusion prevention systems (IPS), and next-generation firewalls to proactively monitor and block malicious activities.
- Implement network segmentation to compartmentalize sensitive systems and data.
- Strengthen email security protocols to identify and block phishing attempts. Train employees to recognize suspicious emails and attachments, and employ email filtering technologies to reduce the likelihood of successful spear-phishing attacks.
- Regularly update and patch all software, applications, and operating systems to minimize potential entry points for cyber attackers.
- Enforce MFA across your organization to add an extra layer of security to user accounts and critical systems.
- Deploy advanced endpoint security solutions that offer real-time threat detection and response. This includes antivirus software, endpoint detection and response (EDR) tools, and behavioral analysis to identify suspicious activities.
- Ensure that systems are securely configured and hardened following industry best practices. Disable unnecessary services, ports, and protocols to reduce the attack surface.
- Develop and regularly update an incident response plan that outlines the steps to be taken in the event of a cyber attack. This plan should include communication protocols, roles and responsibilities, and procedures for containing and mitigating the attack.
- Conduct regular security audits and penetration testing to identify vulnerabilities and weaknesses in your systems and infrastructure.
- Assess the security practices of third-party vendors and suppliers who have access to your network.
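The report groups the exposed assets into four classes (open file sharing, network administrative interfaces, remote access points, and insecure network devices), and the remediation items above amount to finding those exposures and closing or restricting them. The script below is an added example, not code from Rewterz or from the report; it triages an exported asset inventory into those four classes and ranks each finding. The inventory schema, the port-to-class mapping, the severity rules, and the sample rows are all assumptions made for the example.

```python
# Added example (not from the Rewterz advisory): triage an exported asset
# inventory for the four exposure classes the report names. The inventory
# schema, the port-to-class mapping and the sample rows are assumptions.
from collections import Counter
from dataclasses import dataclass

# Assumed mapping from listening port to (service name, exposure class).
SERVICE_CLASS = {
    21: ("ftp", "open file sharing"),
    445: ("smb", "open file sharing"),
    2049: ("nfs", "open file sharing"),
    23: ("telnet", "remote access"),
    3389: ("rdp", "remote access"),
    5900: ("vnc", "remote access"),
    161: ("snmp", "network administrative interface"),
    8080: ("http-admin", "network administrative interface"),
}
# Cleartext management/file protocols: internet exposure is high severity
# regardless of the configured authentication.
PLAINTEXT = {"ftp", "telnet", "snmp", "http-admin"}


@dataclass(frozen=True)
class Finding:
    host: str
    port: int
    service: str
    category: str
    severity: str
    reason: str


def assess(row):
    """Return a Finding for one inventory row, or None if the row is fine.

    Assumed row schema: host, port, exposure ('internet' | 'internal'),
    auth ('none' | 'password' | 'mfa'), device ('server' | 'network').
    """
    svc = SERVICE_CLASS.get(row["port"])
    if svc is None:
        return None  # not a service class this triage tracks
    name, category = svc
    # A management service on a router/switch reachable from the internet is
    # reported under the report's "insecure network device" class.
    if row["device"] == "network" and row["exposure"] == "internet":
        category = "insecure network device"
    if row["exposure"] == "internet":
        if row["auth"] == "none" or name in PLAINTEXT:
            return Finding(row["host"], row["port"], name, category, "high",
                           "internet-exposed without strong auth or in cleartext")
        return Finding(row["host"], row["port"], name, category, "medium",
                       "internet-exposed; restrict to VPN or source allowlist")
    if row["auth"] == "none":
        return Finding(row["host"], row["port"], name, category, "medium",
                       "internal but unauthenticated; reachable by any insider")
    return None


def triage(inventory):
    """All findings, highest severity first, then by host and port."""
    findings = [f for f in map(assess, inventory) if f is not None]
    order = {"high": 0, "medium": 1}
    return sorted(findings, key=lambda f: (order[f.severity], f.host, f.port))


def summarize(findings):
    """Count findings per exposure class, for a report-style overview."""
    return dict(Counter(f.category for f in findings))


# Constructed sample inventory (private/RFC1918 addresses, not real assets).
SAMPLE_INVENTORY = [
    {"host": "10.0.1.5", "port": 445, "exposure": "internet", "auth": "password", "device": "server"},
    {"host": "10.0.1.9", "port": 21, "exposure": "internet", "auth": "password", "device": "server"},
    {"host": "10.0.2.3", "port": 3389, "exposure": "internet", "auth": "mfa", "device": "server"},
    {"host": "192.168.5.1", "port": 161, "exposure": "internet", "auth": "none", "device": "network"},
    {"host": "10.0.3.7", "port": 2049, "exposure": "internal", "auth": "none", "device": "server"},
    {"host": "10.0.3.8", "port": 443, "exposure": "internet", "auth": "mfa", "device": "server"},
    {"host": "10.0.4.2", "port": 5900, "exposure": "internal", "auth": "password", "device": "server"},
]

if __name__ == "__main__":
    results = triage(SAMPLE_INVENTORY)
    for f in results:
        print(f"[{f.severity:6}] {f.host}:{f.port} {f.service:10} {f.category}: {f.reason}")
    print("per class:", summarize(results))
```

Run against a real export, the script is a starting point for the audit items above: high findings map to "disable unnecessary services" and "enforce MFA", medium findings to network segmentation and access restriction. Extending it with the organisation's own port list and an owner field per host is the usual next step.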